Mailing List Archive: OpenSSH: Bugs

[Bug 2011] sandbox selection needs some kind of fallback mechanism



bugzilla-daemon at bugzilla

May 18, 2012, 7:45 AM

[Bug 2011] sandbox selection needs some kind of fallback mechanism

https://bugzilla.mindrot.org/show_bug.cgi?id=2011

--- Comment #1 from Colin Watson <cjwatson [at] debian> 2012-05-19 00:45:42 EST ---
Created attachment 2154
--> https://bugzilla.mindrot.org/attachment.cgi?id=2154
strawman patch for sandbox fallback

Perhaps something along these general lines? I haven't quite got
seccomp_filter working for me with this patch yet; the probing
subprocess gets SIGSYS rather than doing anything more useful.
However, that might be something to do with running 32-bit userspace on
a 64-bit kernel, and it does at least manage to fall back to the rlimit
sandbox.

I'd welcome comments on the general approach, anyway.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


bugzilla-daemon at bugzilla

May 18, 2012, 10:40 AM

[Bug 2011] sandbox selection needs some kind of fallback mechanism

https://bugzilla.mindrot.org/show_bug.cgi?id=2011

--- Comment #2 from Colin Watson <cjwatson [at] debian> 2012-05-19 03:40:45 EST ---
Created attachment 2155
--> https://bugzilla.mindrot.org/attachment.cgi?id=2155
fixed strawman patch

Kees Cook set me straight; I was configuring with the wrong --build so
it was getting killed by the architecture check (due to my 32-on-64
setup). This version actually works for me.



bugzilla-daemon at bugzilla

May 18, 2012, 12:52 PM

[Bug 2011] sandbox selection needs some kind of fallback mechanism

https://bugzilla.mindrot.org/show_bug.cgi?id=2011

Kees Cook <kees [at] outflux> changed:

What | Removed | Added
-----|---------|------------------
CC   |         | kees [at] outflux

--- Comment #3 from Kees Cook <kees [at] outflux> 2012-05-19 05:52:01 EST ---
FWIW, this looks good to me. I prefer the idea of this being runtime
detected over configure-time detected.



bugzilla-daemon at bugzilla

May 31, 2012, 5:40 PM

[Bug 2011] sandbox selection needs some kind of fallback mechanism

https://bugzilla.mindrot.org/show_bug.cgi?id=2011

--- Comment #4 from Damien Miller <djm [at] mindrot> 2012-06-01 10:40:30 EST ---
Created attachment 2160
--> https://bugzilla.mindrot.org/attachment.cgi?id=2160
seccomp-fallback.diff

fallback to rlimit in seccomp sandbox



bugzilla-daemon at bugzilla

May 31, 2012, 5:42 PM

[Bug 2011] sandbox selection needs some kind of fallback mechanism

https://bugzilla.mindrot.org/show_bug.cgi?id=2011

Damien Miller <djm [at] mindrot> changed:

What | Removed | Added
-----|---------|-----------------
CC   |         | djm [at] mindrot

--- Comment #5 from Damien Miller <djm [at] mindrot> 2012-06-01 10:42:05 EST ---
I think the proposed patch is a little over-complicated. The only
viable fallback path at the moment is to the rlimit pseudo-sandbox, so
let's allow that without fatal() for the seccomp case. Attachment #2160
implements this.

I'm happy to revisit this if we ever have a deeper stack of candidate
sandboxes for a platform.



bugzilla-daemon at bugzilla

May 31, 2012, 5:52 PM

[Bug 2011] sandbox selection needs some kind of fallback mechanism

https://bugzilla.mindrot.org/show_bug.cgi?id=2011

--- Comment #6 from Darren Tucker <dtucker [at] zip> 2012-06-01 10:52:04 EST ---
Comment on attachment 2160
--> https://bugzilla.mindrot.org/attachment.cgi?id=2160
seccomp-fallback.diff

Seems reasonable, although I'd make the verbose() calls into debug3s,
since otherwise it'll spam logs.

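The mechanism the thread converges on, as an added example for illustration (not Colin Watson's strawman patch, not Damien Miller's seccomp-fallback.diff, and not OpenSSH code): a forked child installs a minimal seccomp-bpf filter with the usual architecture check and tries to exit through it; if the kernel refuses the filter or the child dies with SIGSYS, the only other candidate, the rlimit pseudo-sandbox, is selected instead of calling fatal(). The function names (probe_seccomp_filter, choose_sandbox, rlimit_sandbox_apply), the enum, the PROBE_AUDIT_ARCH mapping and the fprintf() standing in for debug3() are this example's own assumptions. Passing a wrong AUDIT_ARCH value reproduces the symptom from comment #1 (probe child killed by SIGSYS, fallback to rlimit).

```c
/*
 * Added example, not OpenSSH code: runtime probe for the seccomp-bpf sandbox
 * with fallback to the rlimit pseudo-sandbox (bug 2011). All names here are
 * this example's own; fprintf() stands in for OpenSSH's debug3().
 * Build on Linux: cc -Wall -o sandbox_probe sandbox_probe.c
 */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <signal.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum sandbox_kind { SANDBOX_SECCOMP_FILTER = 1, SANDBOX_RLIMIT = 2 };

#ifdef __linux__
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
/* AUDIT_ARCH_* the filter's architecture check expects for this build. */
#if defined(__x86_64__)
# define PROBE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__i386__)
# define PROBE_AUDIT_ARCH AUDIT_ARCH_I386
#elif defined(__aarch64__)
# define PROBE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
# define PROBE_AUDIT_ARCH 0   /* unknown arch: probe fails, rlimit is chosen */
#endif

/* Fork a child that installs a minimal filter (arch check, then allow only
 * exit_group/exit) and exits through it. Returns 1 if filtering works. */
int probe_seccomp_filter(uint32_t arch)
{
	struct sock_filter filt[] = {
		BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, arch, 1, 0),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
		BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 0, 1),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit, 0, 1),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
	};
	struct sock_fprog prog = { (unsigned short)(sizeof(filt) / sizeof(filt[0])), filt };
	int status;
	pid_t pid = fork();

	if (pid == -1)
		return 0;
	if (pid == 0) {
		if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
			_exit(2);
		if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == -1)
			_exit(3);	/* no CONFIG_SECCOMP_FILTER, or blocked */
		_exit(0);		/* exit_group() has to pass the filter */
	}
	if (waitpid(pid, &status, 0) == -1)
		return 0;
	if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
		return 0;	/* installed, but killed our exit (e.g. wrong arch) */
	return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
#else
# define PROBE_AUDIT_ARCH 0
int probe_seccomp_filter(uint32_t arch) { (void)arch; return 0; }
#endif

/* Runtime selection (comment #3): seccomp if the probe passes, otherwise the
 * only other candidate, rlimit. Logged at debug level rather than verbose
 * because this runs for every connection (comment #6). */
enum sandbox_kind choose_sandbox_for_arch(uint32_t arch)
{
	if (probe_seccomp_filter(arch))
		return SANDBOX_SECCOMP_FILTER;
	fprintf(stderr, "debug3: seccomp filter unavailable, falling back to rlimit\n");
	return SANDBOX_RLIMIT;
}

enum sandbox_kind choose_sandbox(void) { return choose_sandbox_for_arch(PROBE_AUDIT_ARCH); }

/* The rlimit pseudo-sandbox: no new files, descriptors or processes. Apply
 * only in the unprivileged child; it cannot be undone. Returns 0 on success. */
int rlimit_sandbox_apply(void)
{
	const struct rlimit zero = { 0, 0 };
	return setrlimit(RLIMIT_FSIZE, &zero) | setrlimit(RLIMIT_NOFILE, &zero) |
	    setrlimit(RLIMIT_NPROC, &zero);
}

int main(void)
{
	printf("this kernel: %s\n", choose_sandbox() == SANDBOX_SECCOMP_FILTER ? "seccomp_filter" : "rlimit");
	/* Wrong AUDIT_ARCH, like comment #1's 32-on-64 mix-up: always falls back. */
	printf("wrong-arch probe: %s\n", choose_sandbox_for_arch(0) == SANDBOX_RLIMIT ? "rlimit" : "seccomp_filter");
	return 0;
}
```

The probe runs in a throwaway child so a filter that turns out to be unusable never constrains the process that has to keep serving; the parent only reads the exit status. Which sandbox the first line reports depends on the kernel it runs on, while the wrong-arch probe always selects rlimit, either because the filter is rejected or because the architecture check kills the child.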
